As the COVID-19 pandemic and work-from-home patterns continued in fits and starts, 2021 was yet another year in which cybersecurity incidents became mainstream news and captivated worldwide attention. Here are some of the incidents that we covered and which mattered most in the Australian context.
The temporary shutdown of the largest petroleum pipeline in the US brought part of the country to a standstill.
The Colonial Pipeline supplies over 10 states, with gas, jet fuel, diesel and heating oil among its core products. It extends over 8,850 kilometres between Texas and New York.
The Colonial Pipeline incident sent shivers down the global spine and created fuel shortages and mass runs at petrol bowsers as the country’s lifeblood came to a temporary halt.
The company claimed it feared massive damage to fuel transportation systems and therefore decided to pay the US$4.4 million ransom to retrieve its encrypted data.
By day 11 it was noted that 87% of petrol bowsers in Washington, D.C. were empty. President Joe Biden even proclaimed a state of emergency – over a cyber-attack.
The world’s largest meat processing company was struck by a ransomware attack impairing some of its servers supporting North American and Australian IT systems.
Being the second largest provider in the US and the largest in Australia, the disruption brought US production down 22% on the corresponding time in the previous year.
Experts said that companies like JBS make a lucrative target for cyber criminals given their vital role in the food chain – pushing ransom pay-outs to high amounts.
In Australia, operations were halted at JBS meat plants, and the company paid a $14.2 million ransom, claiming “we felt this decision had to be made to prevent any potential risk for our customers”.
A cautionary warning for utilities and government agencies – cyber criminals managed to infiltrate Florida’s water treatment facility in an unsuccessful attempt to increase the sodium hydroxide dosage in the water supply to dangerous proportions (and then extort the utility afterwards).
It was clear that the use of outdated software was a principal vector of this attack.
Many small public utilities suffer from aging infrastructure with IT departments tending to be under-resourced, lacking budget and expertise to upgrade security postures and address vulnerabilities in a timely fashion.
Besides running an out-of-date 32-bit version of the Windows 7 operating system, it was noted that the machines also shared the same password for remote access and were said to have been exposed directly to the Internet without any firewall protection installed.
The breach hit home just how ubiquitous cyber attacks are in modern times.
Possibly the largest cyber-attack on a media company in Australia’s history, the incident brought the network’s production systems to a grinding 24-hour halt.
The incident coincided with another suspected attack on Australia’s parliament in Canberra.
It was reported that earlier broadcasts from Sydney were cancelled through the morning and replaced with pre-recorded or interstate content, which is unheard of in recent times.
A crack in a cybersecurity company: one of the most worrying frontiers in online security is when those looking after our security are themselves compromised.
Kaseya is a cybersecurity company offering automation and remote management software. In this incident, 800 stores in Sweden were unable to open because their cash registers weren’t working. Among those affected were the Swedish State Railways and a major local pharmacy chain.
A supply chain attack by the notorious REvil ransomware gang locked up the systems of hundreds of organisations in one fell swoop after a malicious update was pushed out to customers of Kaseya.
The zero-day vulnerability used to breach on-premises Kaseya VSA servers was in the process of being fixed just as the REvil ransomware gang used it to carry out a massive attack.
The vulnerability was disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure (DIVD), and Kaseya was validating the patch before rolling it out to customers.
Nonetheless, it was too little too late as threat actors undertook one of the defining attacks of 2021.